Legal
Data Processing Addendum.
This Addendum forms part of the agreement between you (the controller) and Vortx AI Private Limited (the processor) and governs how we process personal data on your behalf when you use geo.qa. It is available to any customer; a countersigned copy is issued on request for Enterprise plans.
Last updated 7 July 2026
Scope & Roles
This Addendum applies where Vortx AI Private Limited (“Vortx”, “we”) processes personal data contained in customer content on behalf of a customer (“you”) through geo.qa. For that data, you act as the controller (or processor for your own customers) and Vortx acts as the processor (or sub-processor). Each party complies with the data-protection laws that apply to it, including the EU/UK GDPR and India’s Digital Personal Data Protection Act, 2023 (DPDP), as applicable.
Nature of Processing
- Subject-matter: providing the geo.qa services — indexing, recall, detection, and analysis over the content and sensor feeds you connect.
- Duration: for the term of your subscription, plus the deletion window in the section below.
- Categories of data: account and contact details, usage metadata, and any personal data incidentally present in the imagery, streams, documents, or queries you submit.
- Data subjects: your users, and individuals who may appear in the content you process.
Vortx processes personal data only on your documented instructions, including those given through the product, unless required otherwise by law.
Processor Obligations
We will: (a) ensure personnel authorised to process the data are bound by confidentiality; (b) not sell your data or use it to train our foundation models; (c) assist you, taking into account the nature of processing, with your obligations to respond to data-subject requests and to carry out impact assessments; and (d) make available the information reasonably necessary to demonstrate compliance with this Addendum.
Security Measures
We maintain technical and organisational measures appropriate to the risk, including: encryption in transit (TLS) and at rest; per-tenant isolation of customer memory; capability-bound writes; least-privilege access controls and audit logging; and content-addressed, signed records so a stored fact cannot be altered without breaking its receipt. On Enterprise plans, deployments can run inside your own boundary with no calls home. We publish what we do and do not hold at vortx.ai/trust — and we do not claim certifications we have not obtained.
Sub-processors
You authorise Vortx to engage sub-processors to provide the services. Current sub-processors include our cloud and GPU infrastructure providers, our payment processor (Razorpay), and email/transactional-messaging providers. We impose data-protection obligations on each sub-processor no less protective than those in this Addendum, and remain responsible for their performance. We will give notice of a new sub-processor and a reasonable opportunity to object before it begins processing your data.
International Transfers
geo.qa is operated from India, and processing may occur in India and other regions. Where a transfer is subject to the GDPR, it is carried out under an adequacy decision or the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable), together with any supplementary measures required. Enterprise customers can pin data residency to a chosen region.
Data-subject Requests
If we receive a request from a data subject to exercise their rights (access, correction, erasure, portability, objection), we will not respond directly except on your instruction, and will promptly forward the request to you. Account holders can export and delete their own data from within the product.
Breach Notification
We will notify you without undue delay after becoming aware of a personal-data breach affecting your data, with the information reasonably available to us, and will take reasonable steps to mitigate and remediate it.
Return & Deletion
On termination, and on request during the term, we will return or delete customer personal data. Unless you instruct otherwise or law requires retention, customer content is deleted within 30 days of the end of your subscription. Signed receipts you exported remain independently verifiable after your subscription ends, since they are self-contained.
Contact
For DPA questions, a countersigned copy, or to reach our data-protection contact, email avijeet@vortx.ai. This Addendum supplements, and where it conflicts on data protection takes precedence over, our Terms and Privacy Policy.
Last updated 7 July 2026 · Vortx AI Private Limited (CIN U72200JH2024PTC023101) · Bengaluru, India · avijeet@vortx.ai
Need it countersigned?
Enterprise plans get a signed DPA, data-residency options, and a named contact.
geo.qa · a vortx ground decoder · emem.dev open protocol